Bug 184805 - [libcrypto] [patch] GOST engine in OpenSSL exists but doesn't work
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: Unspecified
Hardware: Any Any
: Normal Affects Some People
Assignee: Enji Cooper
Reported: 2013-12-16 16:00 UTC by Ivan Zhdanov
Modified: 2015-11-09 17:49 UTC

ngie: mfc-stable10+
ngie: mfc-stable9-
ngie: mfc-stable8-


Attachments
file.diff (598 bytes, patch)
2013-12-16 16:00 UTC, Ivan Zhdanov
Description Ivan Zhdanov 2013-12-16 16:00:01 UTC
When trying to use the GOST engine with OpenSSL, the application shows an error:

34379118248:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:187:filename(/usr/lib/engines/libgost.so): /usr/lib/engines/libgost.so: Undefined symbol "ERR_load_GOST_strings"

Fix: In the file /usr/src/secure/lib/libcrypto/engines/libgost/Makefile, add the missing file to the "SRCS" section:
e_gost_err.c

and rebuild.

Patch in attachment.

Patch attached with submission follows:
How-To-Repeat: Add the following to the file /etc/ssl/openssl.cnf
=============================
openssl_conf            = openssl_def

[ openssl_def ]
engines = engine_section

[ engine_section ]
gost = gost_section

[ gost_section ]
engine_id = gost
default_algorithms = ALL
=============================
and try to show all ciphers:

"openssl ciphers"
Comment 1 marka 2015-10-30 05:19:35 UTC
This prevents named from supporting GOST for DNSSEC.

It's a simple fix to the Makefile to fix this.  It shouldn't take two
years to be applied.
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-10-30 05:34:20 UTC
A commit references this bug:

Author: ngie
Date: Fri Oct 30 05:33:38 UTC 2015
New revision: 290178
URL: https://svnweb.freebsd.org/changeset/base/290178

Log:
  Fix GOST engine cipher linkage by adding e_gost_err.c to SRCS so it
  picks up undefined symbols, like "ERR_load_GOST_strings"

  MFC after: 3 days
  PR: 184805
  Submitted by: Ivan IvanZhdanov <ivan.zhdanov@gmail.com>
  Sponsored by: EMC / Isilon Storage Division

Changes:
  head/secure/lib/libcrypto/engines/libgost/Makefile
Comment 3 Enji Cooper freebsd_committer freebsd_triage 2015-10-30 05:35:00 UTC
(In reply to marka from comment #1)

Thanks for the prod marka. I'll be sure to MFC it back to stable/8, just because.
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-11-09 06:55:46 UTC
A commit references this bug:

Author: ngie
Date: Mon Nov  9 06:55:05 UTC 2015
New revision: 290575
URL: https://svnweb.freebsd.org/changeset/base/290575

Log:
  MFC r290178:

  Fix GOST engine cipher linkage by adding e_gost_err.c to SRCS so it
  picks up undefined symbols, like "ERR_load_GOST_strings"

  PR: 184805
  Submitted by: Ivan IvanZhdanov <ivan.zhdanov@gmail.com>
  Sponsored by: EMC / Isilon Storage Division

Changes:
_U  stable/10/
  stable/10/secure/lib/libcrypto/engines/libgost/Makefile
Comment 5 Enji Cooper freebsd_committer freebsd_triage 2015-11-09 07:03:15 UTC
GOST cipher support doesn't seem to have been added since 1.0.1c in the FreeBSD tree, so I can't backport this change any further than stable/10. Please send an email to the current OpenSSL maintainers (CCed) if you think it should be backported further.

Thanks!
Comment 6 Enji Cooper freebsd_committer freebsd_triage 2015-11-09 07:03:50 UTC
doesn't seem -> seems to have been
Comment 7 Jung-uk Kim freebsd_committer freebsd_triage 2015-11-09 17:49:25 UTC
(In reply to NGie Cooper from comment #5)
No, there's no need.  Thanks for taking care of this!
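
A triage helper for the load failure in the description, added here as an example and not part of the bug report or the FreeBSD tree: it pulls the library path and unresolved symbol out of an OpenSSL DSO load error, and for a given engine id checks `openssl engine -t` and the library's dynamic symbol table. The function names `dso_undefined` and `triage_engine` are hypothetical; the sample input is the error line quoted in the description.

```shell
#!/bin/sh
# Added example (not from the bug report): triage an engine that will not load.

# The error line quoted in the description, kept as sample input.
SAMPLE_ERR='34379118248:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:187:filename(/usr/lib/engines/libgost.so): /usr/lib/engines/libgost.so: Undefined symbol "ERR_load_GOST_strings"'

# Read OpenSSL error output on stdin; print "<library> <symbol>" for every
# DSO load failure that was caused by an undefined symbol.
dso_undefined() {
    sed -n 's/.*:DLFCN_LOAD:.*filename(\([^)]*\)).*Undefined symbol "\([^"]*\)".*/\1 \2/p'
}

# triage_engine ID: report whether the engine initialises; if it does not,
# name the unresolved symbol and confirm it in the library's symbol table.
triage_engine() {
    out=$(openssl engine -t -c "$1" 2>&1)
    case $out in
        *'[ available ]'*) echo "engine $1: available"; return 0 ;;
    esac
    printf '%s\n' "$out" | dso_undefined | while read -r lib sym; do
        echo "engine $1: $lib does not load, undefined symbol $sym"
        # In nm -D output, type "U" marks a symbol referenced but not defined.
        nm -D "$lib" 2>/dev/null | awk -v s="$sym" -v l="$lib" '
            { n = $NF; sub(/@.*/, "", n) }
            n == s && $(NF-1) == "U" { print "  nm: " s " is undefined in " l }'
    done
    return 1
}

# With an engine id as argument, check the live system; otherwise parse the sample.
if [ "$#" -gt 0 ]; then
    triage_engine "$1"
else
    printf '%s\n' "$SAMPLE_ERR" | dso_undefined
fi
```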